[Dailydave] Killbits (I'm not dead yet!)

From: dave (daveimmunityinc.com)
Date: Tue Jul 28 2009 - 13:21:01 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael Howard has some of the gritty details of the Killbit bypass here
(see Bug #2):
http://blogs.msdn.com/sdl/archive/2009/07/28/atl-ms09-035-and-the-sdl.aspx

I still don't really understand the vulnerability (do you have to get
one ActiveX control instantiated in order to send it the marshalled
property map that instantiates the vulnerable object?). But the patches
are out, so the information is as free as it wanted to be.

- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkpvQY0ACgkQtehAhL0ghep0KgCZAYW54dUIZf38qGsrjbeTI6A2
YD0AnjfE+jAcHiLQGDqK+wDS+uWlwP43
=e8Fa
-----END PGP SIGNATURE-----